Delegation Metasystem for Composite Services

1. A computing device to provide a composite service, the computing device comprising: one or more processors; memory; and a plurality of generic resource descriptions stored in the memory, including service requirements for the composite service, and wherein the generic resource descriptions are mapped to available resources at runtime based at least in part on the service requirements for the composite service, the available resources comprising metadata, the metadata comprising at least one of: data identifying an access control model associated with the resource and a management endpoint for the resource, and a dependency between a user of the composite service and at least one of the available resources; the one or more processors being configured to select one plug-in of a first plurality of plug-ins different from a second plurality of plug-ins, selection of one of the second plurality of plug-ins being part of a delegation of access rights to the composite service for at least one available resource, based at least in part on credentials for the at least one available service provided to the composite service.

2. A computing device to provide a composite service according to claim 1 , wherein the plurality of generic resource descriptions is included within metadata associated with the composite service.

3. A computing device to provide a composite service according to claim 2 , wherein the metadata further comprises identity information for the composite service.

4. A computing device to provide a composite service according to claim 1 , further comprising a plurality of plug-ins, wherein each of the plurality of plug-ins corresponds to an access control model.

5. A computing device to provide a composite service according to claim 4 , further comprising a service provision module associated with the plurality of plug-ins, and arranged to select one of the plurality of plug-ins at runtime based at least in part on a verified credential for an available resource.

6. A computing device to provide a composite service according to claim 1 , further comprising a module arranged to verify credentials received for an available resource.

7. A computing device to provide a composite service according to claim 1 , further comprising a data store arranged to store credentials received for an available resource.

8. A computing device to provide a composite service according to claim 1 , arranged: to receive credentials associated with an available resource; and on invocation of the composite service, to use the credentials to access the available resource.

9. A method of initiating a composite service comprising: at a runtime; accessing generic service requirements for the composite service; mapping the generic service requirements to at least one available service having an access control model, the access control model being associated with a plurality of available resources comprising metadata, the metadata comprising at least one of: data identifying an access control model associated with the resource and a management endpoint for the resource; delegating access rights to the composite service for the at least one available service comprising, selecting one plug-in, of a first plurality of plug-ins, corresponding to the access control model of the at least one available service; and providing credentials for the at least one available service to the composite service for the composite service to select one plug-in, of a second plurality of plug-ins different from the first plurality of plug-ins, based at least in part on the provided credentials.

10. A method according to claim 9 , wherein accessing generic service requirements comprises: accessing metadata associated with the composite service, the metadata comprising the generic service requirements and identity data for the composite service.

11. A method according to claim 9 , wherein mapping the generic service requirements to at least one available service comprises: accessing metadata associated with each of a plurality of available services; and mapping the generic requirements to at least one of the plurality of available services based on at least the metadata.

12. A method according to claim 9 , further comprising using the selected one of the plurality of plug-ins to communicate with the at least one available service.

13. A method according to claim 9 , further comprising: on termination of the composite service; revoking the access rights.

14. A delegation metasystem comprising: one or more processors; memory; a composite service comprising a first set of plug-ins associated with different access control models, each of the access control models being associated with an available resource of a plurality of available resources, the composite service arranged to: receive a credential from a delegation module for at least one available resource of the plurality of available resources; select a plug-in at runtime from the first set of plug-ins based at least in part on the received credential; and access, via the plug-in selected at runtime from the first set of plug-ins, the at least one available resource at runtime to execute the composite service; a resource mapping application, stored in the memory, having computer executable instructions that when executed by the one or more processors is arranged to map generic resource requirements of the composite service to at least one available resource of the plurality of available resources at runtime, the plurality of available resources comprising metadata, the metadata comprising at least one of: data identifying an access control model associated with the resource and a management endpoint for the resource; a second set of plug-ins, different from the first set of plug-ins, and associated with the different access control models associated with the available resources; wherein the delegation module is arranged to delegate access rights for the at least one available resource to the composite service at runtime using a plug-in selected at runtime from the second set of plug-ins, and wherein the plug-in selected at runtime from the second set of plug-ins corresponds to the access control model associated with the at least one available resource and is used to communicate with the at least one available resource.

15. A delegation metasystem according to claim 14 , wherein the composite service comprises: a composite service application arranged to receive an identifier and a credential for each of the at least one available resources; and a service provision module arranged to access the at least one available resource using the identifier and credential and the plug-in selected from the first set of plug-ins, wherein the plug-in selected from the first set of plug-ins corresponds to the access control model associated with the at least one available resource.

16. A delegation metasystem according to claim 14 , wherein the delegation module is further arranged to revoke access rights for the at least one available resource to the composite service using one of the plurality of plug-ins on termination of the composite service.